Microsoft RemoteFX: USB and Device Support

1

Nelly PorterGroup Program Manager

Remote Desktop VirtualizationMicrosoft Corporation

SESSION CODE: WSV309

Why RemoteFX USB Devices?High Level vs. Low Level RedirectionCore components What do you need to know to allow USB devices to be redirectedDemos!

2

Experience RemoteFX Devices

81%

3

The single largest security risk …

Close the experience gap between Local and Remote

4

RemoteFX meets RDP Goals

I want to be able to use devices I want, and have it just work

5

Why RemoteFX USB Devices?

AdvantagesNo client drivers necessaryWorks with any device

DisadvantagesOnly one session can use a USB device at a time

Best of the Two WorldsUse Both!

6

Where would you use RemoteFX USB Devices?

RemoteFX Audio DevicesE.g. USB speakers, USB headset, USB Microphone, USB Phone

7

RemoteFX HID DevicesE.g. Tablets, Media remotes, Joysticks, and many more

8

Printers and Scanners

Printers onlyEasyPrint or legacy redirections

Printers as multi-function device

RemoteFX USB Scanners only

RemoteFX USB9

Most Wanted RemoteFX DevicesPlace #2 and #3

10

It sees you when you are working, it knows when you come late...Fire over six meters, giving you coverage for over 113 square meters

11

Other Devices (isochronous and bulk transfer)E.g Office warfare ( Rocket Launcher with WebCam Combo)

StabilityDriver failures should NOT bring down the system

Driver failures are isolated to the VMApplications are transparent to redirected devicesIsochronous, layered drivers, with services or withoutIntegrate with PnP subsystem for device installs, driver load/unload

SecurityDriver failures should NOT compromise the system

Driver failures are isolated to the VMDriver interfaces should be validatedObey all USB “restriction” policies

Work for both KMDF and UMDF drivers

12

RemoteFX USB Devices Design Goals

Provided by:

Microsoft

IHV/ISV

RemoteFX USB HUB Filter

RemoteFXUSB Hub

RDP7.1 Client

RemoteFXRedirected Device

Proxy

USB Device Driver

User

Kernel

RemoteFX DevicesEnumeration

RemoteFX Generic USBDriver

USB HUB

SessionsNotifications

ServerClient 13

Architectural Block Diagram

Windows Kernel(I/O Mgr, PnP)

USB HUB2

Provided by:

Microsoft

IHV/ISV

14

USB DeviceDriver

1

Application

3

4User

Kernel

Win32 I/O API

Local USB Device Arrival

USB DeviceDriverWindows Kernel

(I/O Mgr, PnP)

RDP Client

RemoteFX USB Hub Filter

USB HUB

2

43

Provided by:

Microsoft

IHV/ISV

15

VMRDP Server

Remote FX Generic USB Driver

5

User

Kernel

1

RDP

6

USB Device Claimed by RDP Client

RemoteFX Device Proxy

RemoteFX USB HUB

7

USB DeviceDriver

9Provided by:

Microsoft

IHV/ISV

16

Application

10

VMRDP Server

11

User

Kernel

Device Claiming, VM side

Windows Kernel(I/O Mgr, PnP)

8

Win32 I/O API

USB Device DriverRemoteFXUSB Hub

Data Flow path similar to “claim device” In reverse order

Auto-reconnectNo changes until all attempts to restore connection exhausted

DisconnectAll devices removed

17

VMRDP Server

Device Removal

Device Removal and Cleanup

Provided by:

Microsoft

IHV/ISV

Server has to authenticate itselfEven when client and server both authenticated

Data returned from the device on the client or server is considered “not trusted”Additional validation is provided for subset of IOCTLs and URB interfaces, e.g.

All IDs returned from the device prior to be used on serverEvery URB packet request

Should meet USB 2.0 specification

18

Security Data Flow

Most Wanted RemoteFX DevicePlace #1 19

Heavy Investments in RDP with RemoteFX

20

Additional Resources

Email rfxusb@microsoft.com

Read more on RDV Blog

21

Resources

www.microsoft.com/teched

Sessions On-Demand & Community Microsoft Certification & Training Resources

Resources for IT Professionals Resources for Developers

www.microsoft.com/learning

http://microsoft.com/technet http://microsoft.com/msdn

Learning

Complete an evaluation on CommNet and enter to win!

Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st

http://northamerica.msteched.com/registration

You can also register at the

North America 2011 kiosk located at registrationJoin us in Atlanta next year

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

JUNE 7-10, 2010 | NEW ORLEANS, LA